Sunday, July 5, 2015

In the first post we got a quick insight into understanding Windows prefetch. In the second post we did a detailed analysis using the raw hex data within the "FILEZILLA.EXE-93859B09.pf" file. In this post we will simply use the tool "winprefetchview".

Once the tool has been executed, we see the following.

From the above we see the filename, created date, modified date, file size, process, path, run counter, last run time, etc. This basically eliminates the need for most of the work we did in the previous post. However, it is important that we understand what transpired in that post. That's it for the Windows 10 prefetch series.
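For readers who want the same fields the tool shows (executable name, prefetch hash, run counter, last run times, loaded file paths) without a GUI, here is an added Python example; it is not code from the post or from the tool's author. It assumes the libscca-documented version 30 layout and takes an already decompressed buffer (Windows 10 .pf files on disk are wrapped in a "MAM\x04" LZXPRESS-Huffman container, which is not handled here); the sample buffer it parses is constructed inline.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_LEN = 84                      # fixed header preceding the file-information block
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to datetime; 0 means 'slot unused'."""
    return None if ft == 0 else FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def parse_prefetch_v30(buf):
    """Parse a *decompressed* Windows 10 (version 30) prefetch body. On disk the
    file carries a 'MAM\\x04' LZXPRESS-Huffman wrapper that must be removed first
    (not covered here). Offsets follow the libscca format docs, not the blog post."""
    version, sig, _flags, _size = struct.unpack_from("<I4sII", buf, 0)
    if sig != b"SCCA":
        raise ValueError("bad SCCA signature: not a decompressed prefetch file")
    if version != 30:
        raise ValueError(f"unsupported prefetch version {version}")
    exe = buf[16:76].decode("utf-16-le").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", buf, 76)
    # File information: metrics offset/count, trace-chain offset/count, filename-strings offset/size
    metrics_off, _, _, _, fn_off, fn_size = struct.unpack_from("<6I", buf, HEADER_LEN)
    run_times = struct.unpack_from("<8Q", buf, HEADER_LEN + 44)   # eight last-run slots
    # Windows 10 uses two v30 layouts (216 or 224 bytes); in both the run counter
    # sits 100 bytes before the metrics array, so derive its position from there.
    (run_count,) = struct.unpack_from("<I", buf, metrics_off - 100)
    loaded = [s for s in buf[fn_off:fn_off + fn_size].decode("utf-16-le").split("\x00") if s]
    return {
        "executable": exe,
        "pf_name": f"{exe}-{path_hash:08X}.pf",
        "run_count": run_count,
        "last_run_times": [filetime_to_datetime(t) for t in run_times if t],
        "loaded_files": loaded,
    }

def build_sample_pf():
    """Constructed sample (not a real capture): 216-byte v30 layout, no metrics/trace entries."""
    exe = "FILEZILLA.EXE".encode("utf-16-le").ljust(60, b"\x00")
    names = "\\VOLUME{EXAMPLE}\\WINDOWS\\SYSTEM32\\NTDLL.DLL\x00" \
            "\\VOLUME{EXAMPLE}\\PROGRAM FILES\\FILEZILLA FTP CLIENT\\FILEZILLA.EXE\x00"
    fn_bytes = names.encode("utf-16-le")
    metrics_off = HEADER_LEN + 216           # filename strings follow the file information directly
    header = struct.pack("<I4sII", 30, b"SCCA", 0x11, metrics_off + len(fn_bytes)) + exe \
             + struct.pack("<II", 0x93859B09, 0)          # hash taken from the post's file name
    info = bytearray(216)
    struct.pack_into("<6I", info, 0, metrics_off, 0, metrics_off, 0, metrics_off, len(fn_bytes))
    struct.pack_into("<Q", info, 44, 130805280000000000)   # constructed: 2015-07-05 00:00:00 UTC
    struct.pack_into("<I", info, 216 - 100, 12)            # constructed run counter
    return header + bytes(info) + fn_bytes
```

Calling `parse_prefetch_v30(build_sample_pf())` returns the executable name, the reconstructed "FILEZILLA.EXE-93859B09.pf" name, the run counter and the last-run timestamps for the sample.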

Below is a list of threat intelligence websites that you can use. Cymon.io is an excellent one as it searches around 200 different sources. If you’re looking for a more exhaustive list of threat intel sites, check out https://github.com/rshipp/awesome-malware-analysis